static int client(ssh_session session){ int auth=0; char *banner; int state; if (ssh_options_set(session, SSH_OPTIONS_HOST ,host) < 0) return -1; ssh_options_parse_config(session, NULL); if(ssh_connect(session)){ fprintf(stderr,"Connection failed : %s\n",ssh_get_error(session)); return -1; } state=verify_knownhost(session); if (state != 0) return -1; ssh_userauth_none(session, NULL); banner=ssh_get_issue_banner(session); if(banner){ printf("%s\n",banner); free(banner); } auth=authenticate_console(session); if(auth != SSH_AUTH_SUCCESS){ return -1; } forwarding(session); return 0; }
static int client(ssh_session_t *session) { int auth=0; char *banner; int state; if (user) { if (ssh_options_set(session, SSH_OPTIONS_USER, user) < 0) { return -1; } } if (ssh_options_set(session, SSH_OPTIONS_HOST ,host) < 0) { return -1; } if (proxycommand != NULL) { if(ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, proxycommand)) { return -1; } } ssh_options_parse_config(session, NULL); if(ssh_connect(session)) { fprintf(stderr,"Connection failed : %s\n",ssh_get_error(session)); return -1; } state = verify_knownhost(session); if (state != 0) { return -1; } ssh_userauth_none(session, NULL); banner = ssh_get_issue_banner(session); if(banner) { printf("%s\n", banner); free(banner); } auth = authenticate_console(session); if(auth != SSH_AUTH_SUCCESS) { return -1; } if(!cmds[0]) { shell(session); } else { batch_shell(session); } return 0; }
// TODO: remove this obsolete static int client(ssh_session session) { int auth=0; int state; if (user) if (ssh_options_set(session, SSH_OPTIONS_USER, user) < 0) return -1; if (ssh_options_set(session, SSH_OPTIONS_HOST ,host) < 0) return -1; if (proxycommand != NULL) { if(ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, proxycommand)) return -1; } ssh_options_parse_config(session, NULL); if(ssh_connect(session)) { fprintf(stderr,"Connection failed : %s\n",ssh_get_error(session)); return -1; } state=verify_knownhost(session); if (state != 0) return -1; ssh_userauth_none(session, NULL); auth=authenticate_console(session); if(auth != SSH_AUTH_SUCCESS) { return -1; } shell(session); return 0; }
static ssh_session connect_host(const char *host, int verbose, char *cipher){ ssh_session session=ssh_new(); if(session==NULL) goto error; if(ssh_options_set(session,SSH_OPTIONS_HOST, host)<0) goto error; ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbose); if(cipher != NULL){ if (ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S, cipher) || ssh_options_set(session, SSH_OPTIONS_CIPHERS_S_C, cipher)){ goto error; } } ssh_options_parse_config(session, NULL); if(ssh_connect(session)==SSH_ERROR) goto error; if(ssh_userauth_autopubkey(session,NULL) != SSH_AUTH_SUCCESS) goto error; return session; error: fprintf(stderr,"Error connecting to \"%s\": %s\n",host,ssh_get_error(session)); ssh_free(session); return NULL; }
static int _sftp_connect(const char *uri) { char *scheme = NULL; char *user = NULL; char *passwd = NULL; char *host = NULL; unsigned int port = 0; char *path = NULL; unsigned char *hash = NULL; int hlen; int rc = -1; int state = SSH_SERVER_ERROR; int timeout = 10; int method; char *verbosity; if (_connected) { return 0; } rc = c_parse_uri(uri, &scheme, &user, &passwd, &host, &port, &path); if (rc < 0) { goto out; } DEBUG_SFTP(("csync_sftp - conntecting to: %s\n", host)); /* create the session */ _ssh_session = ssh_new(); if (_ssh_session == NULL) { fprintf(stderr, "csync_sftp - error creating new connection: %s\n", strerror(errno)); rc = -1; goto out; } rc = ssh_options_set(_ssh_session, SSH_OPTIONS_TIMEOUT, &timeout); if (rc < 0) { fprintf(stderr, "csync_sftp - error setting options: %s\n", strerror(errno)); goto out; } rc = ssh_options_set(_ssh_session, SSH_OPTIONS_COMPRESSION_C_S, "none"); if (rc < 0) { fprintf(stderr, "csync_sftp - error setting options: %s\n", strerror(errno)); goto out; } rc = ssh_options_set(_ssh_session, SSH_OPTIONS_COMPRESSION_S_C, "none"); if (rc < 0) { fprintf(stderr, "csync_sftp - error setting options: %s\n", strerror(errno)); goto out; } ssh_options_set(_ssh_session, SSH_OPTIONS_HOST, host); if (rc < 0) { fprintf(stderr, "csync_sftp - error setting options: %s\n", strerror(errno)); goto out; } if (port) { ssh_options_set(_ssh_session, SSH_OPTIONS_PORT, &port); if (rc < 0) { fprintf(stderr, "csync_sftp - error setting options: %s\n", strerror(errno)); goto out; } DEBUG_SFTP(("csync_sftp - port set to: %d\n", port)); } if (user && *user) { ssh_options_set(_ssh_session, SSH_OPTIONS_USER, user); if (rc < 0) { fprintf(stderr, "csync_sftp - error setting options: %s\n", strerror(errno)); goto out; } DEBUG_SFTP(("csync_sftp - username set to: %s\n", user)); } verbosity = getenv("CSYNC_SFTP_LOG_VERBOSITY"); if (verbosity) { rc = ssh_options_set(_ssh_session, SSH_OPTIONS_LOG_VERBOSITY_STR, verbosity); if (rc < 0) { goto out; } } /* read ~/.ssh/config */ rc = ssh_options_parse_config(_ssh_session, NULL); if (rc < 0) { goto out; } _ssh_callbacks = (ssh_callbacks) c_malloc(sizeof(struct ssh_callbacks_struct)); if (_ssh_callbacks == NULL) { rc = -1; goto out; } ZERO_STRUCTP(_ssh_callbacks); _ssh_callbacks->userdata = _userdata; _ssh_callbacks->auth_function = _ssh_auth_callback; ssh_callbacks_init(_ssh_callbacks); ssh_set_callbacks(_ssh_session, _ssh_callbacks); rc = ssh_connect(_ssh_session); if (rc < 0) { fprintf(stderr, "csync_sftp - error connecting to the server: %s\n", ssh_get_error(_ssh_session)); ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); goto out; } hlen = ssh_get_pubkey_hash(_ssh_session, &hash); if (hlen < 0) { fprintf(stderr, "csync_sftp - error connecting to the server: %s\n", ssh_get_error(_ssh_session)); ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); goto out; } /* check the server public key hash */ state = ssh_is_server_known(_ssh_session); switch (state) { case SSH_SERVER_KNOWN_OK: break; case SSH_SERVER_KNOWN_CHANGED: fprintf(stderr, "csync_sftp - The host key for this server was " "not found, but another type of key exists.\n" "An attacker might change the default server key to confuse your " "client into thinking the key does not exist.\n" "Please contact your system administrator.\n" "%s\n", ssh_get_error(_ssh_session)); ssh_print_hexa("csync_sftp - public key hash", hash, hlen); ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; break; case SSH_SERVER_FOUND_OTHER: fprintf(stderr, "csync_sftp - the host key for this server was not " "found but an other type of key exists.\n"); fprintf(stderr, "csync_sftp - an attacker might change the default " "server key to confuse your client into thinking the key does not " "exist\n"); fprintf(stderr, "The host key for the server %s has changed.\n" "This could either mean that DNS SPOOFING is happening or the IP " "address for the host and its host key have changed at the same time.\n" "The fingerprint for the key sent by the remote host is:\n", host); ssh_print_hexa("", hash, hlen); fprintf(stderr, "Please contact your system administrator.\n" "%s\n", ssh_get_error(_ssh_session)); ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; break; case SSH_SERVER_NOT_KNOWN: if (_authcb) { char *hexa; char *prompt; char buf[4] = {0}; hexa = ssh_get_hexa(hash, hlen); if (hexa == NULL) { ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; } if (asprintf(&prompt, "The authenticity of host '%s' can't be established.\n" "RSA key fingerprint is %s.\n" "Are you sure you want to continue connecting (yes/no)?", host, hexa) < 0 ) { free(hexa); ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; } free(hexa); if ((*_authcb)(prompt, buf, sizeof(buf), 1, 0, _userdata) < 0) { free(prompt); ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; } free(prompt); if (strncasecmp(buf, "yes", 3) != 0) { ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; } if (ssh_write_knownhost(_ssh_session) < 0) { ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; } } else { fprintf(stderr,"csync_sftp - the server is unknown. Connect manually to " "the host to retrieve the public key hash, then try again.\n"); } ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; break; case SSH_SERVER_ERROR: fprintf(stderr, "%s\n", ssh_get_error(_ssh_session)); ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; break; default: break; } /* Try to authenticate */ rc = ssh_userauth_none(_ssh_session, NULL); if (rc == SSH_AUTH_ERROR) { ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; } #if 0 /* authenticate with the server */ if (passwd && *passwd) { DEBUG_SFTP(("csync_sftp - authenticating with user/password\n")); /* * This is tunneled cleartext password authentication and possibly needs * to be allowed by the ssh server. Set 'PasswordAuthentication yes' */ auth = ssh_userauth_password(_ssh_session, user, passwd); } else { DEBUG_SFTP(("csync_sftp - authenticating with pubkey\n")); auth = ssh_userauth_autopubkey(_ssh_session, NULL); } if (auth == SSH_AUTH_ERROR) { fprintf(stderr, "csync_sftp - authenticating with pubkey: %s\n", ssh_get_error(_ssh_session)); ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; } if (auth != SSH_AUTH_SUCCESS) { if (_authcb != NULL) { auth = auth_kbdint(_ssh_session); if (auth == SSH_AUTH_ERROR) { fprintf(stderr,"csync_sftp - authentication failed: %s\n", ssh_get_error(_ssh_session)); ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; } } else { ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; } } #endif method = ssh_auth_list(_ssh_session); while (rc != SSH_AUTH_SUCCESS) { /* Try to authenticate with public key first */ if (method & SSH_AUTH_METHOD_PUBLICKEY) { rc = ssh_userauth_autopubkey(_ssh_session, NULL); if (rc == SSH_AUTH_ERROR) { ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; } else if (rc == SSH_AUTH_SUCCESS) { break; } } /* Try to authenticate with keyboard interactive */ if (method & SSH_AUTH_METHOD_INTERACTIVE) { rc = auth_kbdint(_ssh_session, user, passwd); if (rc == SSH_AUTH_ERROR) { ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; } else if (rc == SSH_AUTH_SUCCESS) { break; } } /* Try to authenticate with password */ if ((method & SSH_AUTH_METHOD_PASSWORD) && passwd && *passwd) { rc = ssh_userauth_password(_ssh_session, user, passwd); if (rc == SSH_AUTH_ERROR) { ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; } else if (rc == SSH_AUTH_SUCCESS) { break; } } } DEBUG_SFTP(("csync_sftp - creating sftp channel...\n")); /* start the sftp session */ _sftp_session = sftp_new(_ssh_session); if (_sftp_session == NULL) { fprintf(stderr, "csync_sftp - sftp error initialising channel: %s\n", ssh_get_error(_ssh_session)); rc = -1; goto out; } rc = sftp_init(_sftp_session); if (rc < 0) { fprintf(stderr, "csync_sftp - error initialising sftp: %s\n", ssh_get_error(_ssh_session)); goto out; } DEBUG_SFTP(("csync_sftp - connection established...\n")); _connected = 1; rc = 0; out: SAFE_FREE(scheme); SAFE_FREE(user); SAFE_FREE(passwd); SAFE_FREE(host); SAFE_FREE(path); SAFE_FREE(hash); return rc; }
int ssh_open_url(url_t* urlp) { ftp->session = ssh_new(); if (!ftp->session) return -1; /* set log level */ if (ftp_get_verbosity() == vbDebug) { int verbosity = SSH_LOG_PROTOCOL; ssh_options_set(ftp->session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity); } /* If we have ssh options from yafcrc, load them */ if (gvSSHOptions) { args_t *args = args_create(); args_init(args, 0, NULL); args_push_back(args, gvSSHOptions); int argc = 0; if (ssh_options_getopt(ftp->session, &argc, args->argv) != SSH_OK) { ftp_err(_("Failed to load SSH options from yafcrc config (ssh_options = '%s')\n"), gvSSHOptions); ssh_free(ftp->session); ftp->session = NULL; return -1; } args->argc = argc; args_destroy(args); } /* set host name */ ssh_options_set(ftp->session, SSH_OPTIONS_HOST, urlp->hostname); /* if we have port use that one */ if (urlp->port > 0) ssh_options_set(ftp->session, SSH_OPTIONS_PORT, &urlp->port); /* parse .ssh/config */ int r = ssh_options_parse_config(ftp->session, NULL); if (r != SSH_OK) { ftp_err(_("Failed to parse ssh config: %s\n"), ssh_get_error(ftp->session)); ssh_free(ftp->session); ftp->session = NULL; return r; } /* if we have username use that one */ if (urlp->username) ssh_options_set(ftp->session, SSH_OPTIONS_USER, urlp->username); /* connect to server */ r = ssh_connect(ftp->session); if (r != SSH_OK) { ftp_err(_("Couldn't initialise connection to server: %s\n"), ssh_get_error(ftp->session)); ssh_free(ftp->session); ftp->session = NULL; return r; } /* verify server */ if (verify_knownhost(ftp->session)) { ssh_disconnect(ftp->session); ssh_free(ftp->session); ftp->session = NULL; return -1; } /* authenticate user */ r = test_several_auth_methods(ftp->session, urlp); if (r != SSH_OK) { ftp_err(_("Authentication failed: %s\n"), ssh_get_error(ftp->session)); ssh_disconnect(ftp->session); ssh_free(ftp->session); ftp->session = NULL; return -1; } ftp->ssh_version = ssh_get_version(ftp->session); if (!ftp->ssh_version) { ftp_err(_("Couldn't initialise connection to server\n")); return -1; } ftp->sftp_session = sftp_new(ftp->session); if (!ftp->sftp_session) { ftp_err(_("Couldn't initialise ftp subsystem: %s\n"), ssh_get_error(ftp->session)); ssh_disconnect(ftp->session); ssh_free(ftp->session); ftp->session = NULL; return -1; } r = sftp_init(ftp->sftp_session); if (r != SSH_OK) { ftp_err(_("Couldn't initialise ftp subsystem: %s\n"), ssh_get_error(ftp->sftp_session)); sftp_free(ftp->sftp_session); ftp->sftp_session = NULL; ssh_disconnect(ftp->session); ssh_free(ftp->session); ftp->session = NULL; return r; } ftp->connected = true; ftp->loggedin = true; free(ftp->homedir); ftp->homedir = ftp_getcurdir(); url_destroy(ftp->url); ftp->url = url_clone(urlp); free(ftp->curdir); ftp->curdir = xstrdup(ftp->homedir); free(ftp->prevdir); ftp->prevdir = xstrdup(ftp->homedir); if (ftp->url->directory) ftp_chdir(ftp->url->directory); ftp_get_feat(); return 0; }
/** * @brief Connect to the ssh server. * * @param[in] session The ssh session to connect. * * @returns SSH_OK on success, SSH_ERROR on error. * @returns SSH_AGAIN, if the session is in nonblocking mode, * and call must be done again. * * @see ssh_new() * @see ssh_disconnect() */ int ssh_connect(ssh_session session) { int ret; if (session == NULL) { return SSH_ERROR; } switch(session->pending_call_state){ case SSH_PENDING_CALL_NONE: break; case SSH_PENDING_CALL_CONNECT: goto pending; default: ssh_set_error(session,SSH_FATAL,"Bad call during pending SSH call in ssh_connect"); return SSH_ERROR; } session->alive = 0; session->client = 1; if (session->opts.fd == SSH_INVALID_SOCKET && session->opts.host == NULL && session->opts.ProxyCommand == NULL) { ssh_set_error(session, SSH_FATAL, "Hostname required"); return SSH_ERROR; } /* If the system configuration files were not yet processed, do it now */ if (!session->opts.config_processed) { ret = ssh_options_parse_config(session, NULL); if (ret != 0) { ssh_set_error(session, SSH_FATAL, "Failed to process system configuration files"); return SSH_ERROR; } } ret = ssh_options_apply(session); if (ret < 0) { ssh_set_error(session, SSH_FATAL, "Couldn't apply options"); return SSH_ERROR; } SSH_LOG(SSH_LOG_PROTOCOL, "libssh %s, using threading %s", ssh_copyright(), ssh_threads_get_type()); session->ssh_connection_callback = ssh_client_connection_callback; session->session_state=SSH_SESSION_STATE_CONNECTING; ssh_socket_set_callbacks(session->socket,&session->socket_callbacks); session->socket_callbacks.connected=socket_callback_connected; session->socket_callbacks.data=callback_receive_banner; session->socket_callbacks.exception=ssh_socket_exception_callback; session->socket_callbacks.userdata=session; if (session->opts.fd != SSH_INVALID_SOCKET) { session->session_state=SSH_SESSION_STATE_SOCKET_CONNECTED; ssh_socket_set_fd(session->socket, session->opts.fd); ssh_socket_set_io_callbacks(session->socket, &session->socket_io_callbacks); ret=SSH_OK; #ifndef _WIN32 } else if (session->opts.ProxyCommand != NULL){ ret = ssh_socket_connect_proxycommand(session->socket, session->opts.ProxyCommand); #endif } else { ret=ssh_socket_connect(session->socket, session->opts.host, session->opts.port > 0 ? session->opts.port : 22, session->opts.bindaddr); } if (ret == SSH_ERROR) { return SSH_ERROR; } set_status(session, 0.2f); session->alive = 1; SSH_LOG(SSH_LOG_PROTOCOL,"Socket connecting, now waiting for the callbacks to work"); pending: session->pending_call_state=SSH_PENDING_CALL_CONNECT; if(ssh_is_blocking(session)) { int timeout = (session->opts.timeout * 1000) + (session->opts.timeout_usec / 1000); if (timeout == 0) { timeout = 10 * 1000; } SSH_LOG(SSH_LOG_PACKET,"Actual timeout : %d", timeout); ret = ssh_handle_packets_termination(session, timeout, ssh_connect_termination, session); if (session->session_state != SSH_SESSION_STATE_ERROR && (ret == SSH_ERROR || !ssh_connect_termination(session))) { ssh_set_error(session, SSH_FATAL, "Timeout connecting to %s", session->opts.host); session->session_state = SSH_SESSION_STATE_ERROR; } } else { ret = ssh_handle_packets_termination(session, SSH_TIMEOUT_NONBLOCKING, ssh_connect_termination, session); if (ret == SSH_ERROR) { session->session_state = SSH_SESSION_STATE_ERROR; } } SSH_LOG(SSH_LOG_PACKET,"current state : %d",session->session_state); if(!ssh_is_blocking(session) && !ssh_connect_termination(session)){ return SSH_AGAIN; } session->pending_call_state=SSH_PENDING_CALL_NONE; if(session->session_state == SSH_SESSION_STATE_ERROR || session->session_state == SSH_SESSION_STATE_DISCONNECTED) return SSH_ERROR; return SSH_OK; }